PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48773 ProxySQL CVE debrief

CVE-2026-48773 is a critical pre-authentication heap memory corruption vulnerability in ProxySQL, a popular proxy for MySQL and PostgreSQL. The issue affects versions 2.0.18 through 3.0.8. An unauthenticated remote client can trigger it by declaring an oversized first packet length: ProxySQL passes the attacker-controlled length directly to `recv()` while writing into a fixed 32 KB input queue. The vulnerability carries a CVSS score of 9.8 (critical). The issue was patched in version 3.0.9. Defenders should prioritize patching or mitigating this vulnerability to limit exposure.

Vendor: ProxySQL
Product: ProxySQL
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-19
Original CVE updated: 2026-06-22
Advisory published: 2026-06-19
Advisory updated: 2026-06-22

Who should care

Defenders responsible for ProxySQL instances, particularly those using versions 2.0.18 through 3.0.8, should prioritize patching or mitigating this vulnerability. This includes administrators of databases using ProxySQL for MySQL or PostgreSQL connectivity. Given the pre-authentication nature of the vulnerability and its critical CVSS score, immediate attention is necessary to limit exposure.

Technical summary

The vulnerability exists in the MySQL and PostgreSQL protocol first-read paths of ProxySQL. An attacker can declare an oversized first packet length, which ProxySQL then passes directly to `recv()` while writing into a fixed 32 KB input queue; because the declared length is never checked against the queue's capacity, the read can overrun the heap buffer and corrupt memory. The issue was introduced in ProxySQL version 2.0.18 and affects versions up to 3.0.8. It is addressed in ProxySQL version 3.0.9.
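The defensive pattern that closes this class of bug, as an added illustration and not ProxySQL's own code: the peer's declared length is validated against the fixed 32 KB queue before it is ever used as a `recv()` size, and every read is bounded by the space that remains. The 4-byte MySQL packet header layout (3-byte little-endian payload length plus a sequence id) is assumed from the MySQL wire protocol, not from this advisory; the function names and the socketpair demo harness are hypothetical.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define INPUT_QUEUE_CAP (32 * 1024) /* fixed 32 KB input queue named in the advisory */
#define MYSQL_HDR_LEN 4             /* 3-byte little-endian payload length + 1-byte sequence id */

/* Payload length as declared by the client in the MySQL packet header. */
static size_t mysql_payload_len(const unsigned char *hdr) {
    return (size_t)hdr[0] | ((size_t)hdr[1] << 8) | ((size_t)hdr[2] << 16);
}

/* Bounded first read. The unsafe pattern the advisory describes is recv(fd, queue,
 * declared, 0) with `declared` taken straight from the peer; here the declared length
 * is checked against the queue capacity before it is used as a recv() size.
 * Returns payload bytes stored, or -1 on oversized length, EOF or socket error. */
ssize_t read_first_mysql_packet(int fd, unsigned char *queue, size_t queue_cap) {
    unsigned char hdr[MYSQL_HDR_LEN];
    size_t got = 0;
    while (got < MYSQL_HDR_LEN) {                   /* read exactly one header */
        ssize_t n = recv(fd, hdr + got, MYSQL_HDR_LEN - got, 0);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    size_t declared = mysql_payload_len(hdr);
    if (declared > queue_cap) return -1;            /* refuse; never trust the peer's length */
    for (got = 0; got < declared; ) {               /* each recv() bounded by remaining space */
        ssize_t n = recv(fd, queue + got, declared - got, 0);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Demo harness: push a constructed header + payload through a socketpair and report
 * what the bounded reader returns (constructed input, not captured traffic). */
ssize_t demo_first_read(size_t declared_len, const unsigned char *payload, size_t payload_len) {
    static unsigned char queue[INPUT_QUEUE_CAP];
    unsigned char hdr[MYSQL_HDR_LEN] = { (unsigned char)declared_len,
        (unsigned char)(declared_len >> 8), (unsigned char)(declared_len >> 16), 0 };
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    (void)send(sv[1], hdr, sizeof hdr, 0);
    if (payload_len) (void)send(sv[1], payload, payload_len, 0);
    close(sv[1]);                                   /* EOF on short input instead of blocking */
    ssize_t r = read_first_mysql_packet(sv[0], queue, sizeof queue);
    if (r > 0 && memcmp(queue, payload, (size_t)r) != 0) r = -2;
    close(sv[0]);
    return r;
}
```

A declared length larger than the queue is rejected after the header alone is consumed, so no byte of the oversized payload is ever written into the buffer.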

Defensive priority

High: the flaw is reachable before authentication and carries a critical CVSS score of 9.8.

Recommended defensive actions

  • Apply the patch by upgrading to ProxySQL version 3.0.9 or later.
  • Inventory ProxySQL instances to identify those running vulnerable versions (2.0.18 through 3.0.8).
  • Review official advisories and vendor-supported remediation guidance.
  • Consider compensating controls, such as limiting access to ProxySQL instances.
  • Monitor for potential exploitation attempts.

Evidence notes

The primary evidence for this vulnerability comes from the CVE record and the NVD detail page. The vulnerability affects ProxySQL versions 2.0.18 through 3.0.8. Defenders should verify the version of ProxySQL in use and check for the patch in version 3.0.9. The CVE and NVD provide official sources for this information.

Official resources

This article is AI-assisted and based on the supplied source corpus.